5 critical aspects of Attack Surface Management (ASM)

July 28, 2021 | Irfan Shakeel

This blog was written by an independent guest blogger.

Modern technologies and flexible work arrangements, such as cloud computing, work-from-anywhere, and remote employees connecting to the internal network, improve an organization's operations and make management easier. At the same time, they affect the organization's security controls and introduce additional attack surfaces, that is, additional opportunities for intruders to attack.

This situation requires security analysts to adopt modern attack surface management techniques and technologies.

Concept and role of Attack Surface Management

Attack Surface Management (ASM) identifies, categorizes, evaluates, prioritizes, and supervises all the information and critical assets of an organization in order to manage the external assets that an attacker might compromise, such as the website, the company's social media accounts, and others.

Traditional security controls, for instance firewalls, IPS, and network segmentation, protect the organization's network; however, attackers adopt other, unanticipated attack vectors. They target the organization's private attack surface, which automated scanners and security teams often ignore: for example, targeting an employee on a social media platform or targeting chat/collaboration tools such as Slack or WhatsApp. Supply chain attacks open another attack surface for organizations to manage.

There are five critical aspects of attack surface management.

1. Discover your resources

The discovery stage identifies business resources, including undocumented assets: for example, a sub-domain with open ports, an app under development on the production server, and others.

This stage also discovers Personally Identifiable Information (PII) and resources that hackers mimic and use to impersonate the organization's employees. Third-party services or suppliers linked to the firm's resources also emerge during the discovery phase, and because they are part of the organization's environment, they broaden the attack surface.

Apart from this, the organization should use tools to discover unknown or private channels that people use for business operations. People generally use WhatsApp and related apps for business communications; this usage needs to be documented.

2. Manage asset inventory and classification

In this stage, organizations must establish an inventory list with appropriate tags based on type, technological attributes, regulatory requirements, and value to the corporation.

The resource classes managed by each department may vary. For instance, while the network group might monitor modifications to DNS records, the marketing department could oversee social media profile administration.

Individuals in leadership roles need fast access to the resources they manage. As a result, it is critical to establish a properly classified inventory.

3. Validate continuous monitoring

Resources change continuously, and security professionals find it tough to keep pace with up-to-date resources as their inventory grows. Many third-party programs run on these resources, and dozens of potentially exploitable security flaws are reported in such programs every other day. As a result, it is critical to validate and monitor resources 24/7 for weaknesses and configuration issues.

In addition, organizations should monitor the deep and the dark web. Intruders generally don't discuss opportunities on the public web; they talk and collaborate with people on the dark web. Therefore, organizations should monitor relevant keywords, such as business/project names, key personnel details, and other confidential information.

4. Prioritize resources and vulnerabilities

Without meaningful risk assessment and security evaluations, managing the attack surface would be difficult. Without vulnerability scanning, it is tough to know what security risks a resource carries, risks that open the corporation to security breaches, information leakage, or other cyber threats. That is why it is critical to identify, evaluate, and assess virtual resources, so an organization can see which threats ought to be prioritized and reduced. Vulnerability management thus helps in identifying weaknesses and also prioritizes them.

5. Track changes in services 

Constant tracking of an organization's public and private resources plays a vital role. This includes tracking phishing websites that steal credentials, fake mobile apps that claim an association with the organization, and online risks like false social media profiles. To maintain a comprehensive awareness of attack vectors across the company, regular tracking of hostile individuals and activities is essential. This stage also enforces documentation of any amendments to the existing inventory, such as the release of a new web app or an additional mail server connected to the network.
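As an added illustration (not code from the original post), the sketch below ties steps 1, 2, and 5 together: it diffs a tagged inventory against a discovery snapshot and routes each change to the department that owns the resource. The `Asset` fields, the `reconcile` function, and the sample data are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str                       # hostname or account identifier
    kind: str                       # classification tag: "web", "mail", "social", ...
    owner: str                      # department that manages this resource class
    ports: frozenset = frozenset()  # listening ports, empty for non-network assets

def reconcile(inventory, discovered):
    """Diff the documented inventory against a discovery snapshot.

    Returns (owner, asset name, finding) tuples so each department
    receives only the changes for the resources it manages.
    """
    known = {a.name: a for a in inventory}
    seen = {a.name: a for a in discovered}
    findings = []
    for name in sorted(seen.keys() - known.keys()):
        ports = sorted(seen[name].ports)
        findings.append(("unassigned", name, f"undocumented {seen[name].kind} asset, ports {ports}"))
    for name in sorted(known.keys() - seen.keys()):
        findings.append((known[name].owner, name, "documented but not seen in discovery"))
    for name in sorted(known.keys() & seen.keys()):
        opened = sorted(seen[name].ports - known[name].ports)
        closed = sorted(known[name].ports - seen[name].ports)
        if opened:
            findings.append((known[name].owner, name, f"new open ports {opened}"))
        if closed:
            findings.append((known[name].owner, name, f"ports no longer open {closed}"))
    return findings

# Constructed sample data (example.com names are placeholders).
INVENTORY = [
    Asset("www.example.com", "web", "network", frozenset({80, 443})),
    Asset("mail.example.com", "mail", "network", frozenset({25, 587})),
    Asset("@example-corp", "social", "marketing"),
]
DISCOVERED = [
    Asset("www.example.com", "web", "unknown", frozenset({80, 443, 8080})),
    Asset("mail.example.com", "mail", "unknown", frozenset({25, 587})),
    Asset("mail2.example.com", "mail", "unknown", frozenset({25})),
    Asset("dev.example.com", "web", "unknown", frozenset({8000})),
]

if __name__ == "__main__":
    for owner, name, finding in reconcile(INVENTORY, DISCOVERED):
        print(f"[{owner}] {name}: {finding}")
```

Findings marked "unassigned" are the undocumented assets from the discovery stage; they need an owner and tags before they enter the inventory.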

Cybersecurity in general is evolving, and every technology brings its own associated risk. ASM should therefore also adopt the latest tools and techniques; the steps described above help organizations manage their resources effectively.


About the Author: Irfan Shakeel, EH Academy

Irfan Shakeel is the founder of ehacking.net and creates future cyber security professionals by offering quality cyber security education at EH Academy. You can connect with him on Twitter (@irfaanshakeel) and LinkedIn.
